1. Windows Security: The Basics
- past, present, and future Windows versions
- the Windows security model
- what is a Windows resource?
- NTFS permissions and the ACL
- shared folders
- shared permissions
- access-based enumeration
- Encrypting File System
- security issues with basic Windows security
- basic Windows security safeguards
2. Windows Network and OS Configurations
- workgroup defined
- domain defined
- configuring Windows Server roles
- using Server Manager
3. SAM vs. Active Directory
- overview of SAM structure
- overview of Active Directory structure
- benefits of Active Directory
- security issues with SAM and Active Directory
- SAM and AD safeguards
4. User and Group Accounts
- default SAM accounts
- creating new accounts
- SID and token defined
- user and group account properties
- user rights
- security issues with user and group accounts
- user and group account safeguards
5. Windows Authentication
- logging on, user profiles, and cached credentials
- user account passwords
- authentication protocols
- anonymous connections
- security issues with Windows authentication
- Windows authentication safeguards
6. Administrator and Alternate Credential Authentication
- using RunAs
- should administrators have dual accounts?
- using and controlling User Account Control (UAC)
7. TCP/IP and Network Control Points
- overview of TCP/IP
- TCP/IP applications and ports
- Windows services and service accounts
- TCP/IP tools, commands, and controls
- configuring Windows Firewall with Advanced Security
- network access protection: System Health Validator
- security issues with TCP/IP applications and ports
- TCP/IP application and port safeguards
8. Local Security Controls
- scripts
- user rights
- audit policies
- security settings
- Windows Firewall
- software restriction policies
9. Local and AD-Based Group Policy
- Group Policy overview
- Group Policy processing
- Group Policy inheritance
- default Group Policy objects and settings
- Group Policy preferences
- controlling security using Group Policy
-- security templates
-- Security Configuration and Analysis
-- Security Configuration Wizard
-- advanced Group Policy management
10. Windows Security Auditing and Logging
- accessing and configuring auditing
- centralized logging with subscriptions
- controlling the security logs with Event Viewer and AuditPol
- configuring security log triggers
- controlling and configuring security log access
11. Backup and Restore Procedures
- intervals and scheduling
- system state
- protecting stored tapes
- testing restorations
- host-based intrusion detection tools and solutions
- security issues with backup and restore procedures
- backup and restore safeguards
12. Tools for Deploying and Gathering Security Controls
- hotfixes and service packs
- using WSUS to protect Windows computers
- using MBSA to audit Windows computers
- DUMPSEC and Hyena
13. Performing a Windows Audit
- what should be gathered?
- which servers should be audited?
- which security controls should be included?
- how to efficiently gather security information
- developing an audit program
- hands-on lab to analyze a Windows Server